So far our basic idea for where to associate peers using TLS with an internal user id so that permissions can be applied to calls going through sipXecs has been to add it in the ITSP configuration somewhere (see some of the comments in http://track.sipfoundry.org/browse/XX-6398). Although this would work for calls coming through sipXbridge, it doesn't help with calls which arrive at sipXproxy. So I thought a more general design would look like this:
new Trusted Peers menu item (maybe under Users?)

- contains list of trusted peers (FQDN/IPaddr), with Add Trusted Peer button
- clicking on any trusted peer goes to Permissions page for the internal user for that trusted peer, with the internal user appropriately hidden from the user (maybe).
- clicking Apply or OK creates (if necessary) a new special internal user id for that trusted peer (~~pi~<domain>) with the configured permissions, and replicates the peeridentities.xml mapping file with the trusted domain name and the internal user to be used for that domain.

Quick help for the page:

"To allow calls from an authenticated peer to use resources that require permissions, add the domain as a Trusted Peer (specify FQDN or IP address) and configure the permissions for it. The peer must use TLS to communicate to this system, and the Certificate Authority used to sign certificates must be installed on both systems."

Quick links: Certificate Authorities

Thoughts? Of course opinions on wording, etc. welcome.

Carolyn
